CreatePayment endpoint of Square API

I have to integrate the Square API in my application developed in .NET. I have to process online payments through the Square API which are made on my website.
I searched the Square documentation and, related to .NET, I found this link:
https://developer.squareup.com/blog/announcing-squares-new-net-sdk/
The sample code provided above is only for creating a customer on Square. Where will I find sample code for making payments with card details? I did more research and came across the one below. This asks for payment, API keys and many more things but is not asking for card details.
I can’t understand where I have to add card details.
https://developer.squareup.com/explorer/square/payments-api/create-payment
Also, what are idempotency_key and source_id? Need help on an urgent basis…
I have been looking for it for two days.

You’re on the right track by looking at the Payments API. I think the part that you’re missing is that the source_id is where you would insert a Card Nonce (this is the one-time use token to refer to a customer’s card details).

Using API Explorer, you could see that an example would look like this:

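using System;
using Square.Models;
using Square.Exceptions;

// `client` is an already configured SquareClient instance.
// Amount is in the smallest currency unit (100 = $1.00 USD).
var amountMoney = new Money.Builder()
  .Amount(100L)
  .Currency("USD")
  .Build();

// sourceId is the card nonce received from the front end;
// idempotencyKey must be a new unique value for each payment.
var body = new CreatePaymentRequest.Builder(
    sourceId: "cnon:card-nonce-ok",
    idempotencyKey: "89831522-606e-49e1-aafb-17deaeb37795",
    amountMoney: amountMoney)
  .Build();

try
{
  var result = await client.PaymentsApi.CreatePaymentAsync(body: body);
}
catch (ApiException e)
{
  Console.WriteLine("Failed to make the request");
  Console.WriteLine($"Response Code: {e.ResponseCode}");
  Console.WriteLine($"Exception: {e.Message}");
}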

The cnon:card-nonce-ok is a test value to use in Sandbox, that is intended to stand in place of an actual nonce that you would normally get from your front-end.

You’ll want to work through the Payment Form guide to get your front-end set up to accept credit card payments (assuming you’re building a web app).

You can also find examples in the GitHub docs for the DotNet (C#) SDK to see how to build your requests.

At a very basic level, the flow should follow:

Front-end (either mobile or web) to securely capture card details => Post nonce/token to backend for processing => Make call to Square APIs to process nonce/token

For the final step, you can see in our docs the various ways you can process a payment.

What is source_id? I don’t have any idea. Please help me on this.

Sorry, I accidentally posted early and have updated my original response.

A source_id is just the ID of what you want to use to fund a payment. This can be either a nonce you have received from our Payment Form or In-App Payments SDK, or it can be the card_id for a card on file stored on a customer.

An idempotency_key is a unique key for making sure that a request is only processed once. We have a video explaining the concept of idempotency here:
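To illustrate why the key is created once per payment and reused on retry, here is an added example that is not code from Square or from the posts in this thread. `FakeGateway` is a constructed in-memory stand-in for the payment API (how it de-duplicates by key is an assumption), and `PayAsync` is a hypothetical helper; in the SDK call shown earlier, the same key would go in the `idempotencyKey:` argument of `CreatePaymentRequest.Builder`.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;

// Constructed stand-in for the payment provider (assumption): it remembers
// each idempotency key and records at most one charge per key.
class FakeGateway
{
    private readonly Dictionary<string, string> _seen = new();
    private bool _dropNextResponse = true;   // simulate one lost response
    public int Charges { get; private set; }

    public Task<string> CreatePaymentAsync(string sourceId, string idempotencyKey, long amount)
    {
        if (!_seen.TryGetValue(idempotencyKey, out var paymentId))
        {
            Charges++;                        // first time this key is seen: charge
            paymentId = $"payment-{Charges}";
            _seen[idempotencyKey] = paymentId;
        }
        if (_dropNextResponse)
        {
            _dropNextResponse = false;        // the charge happened, the reply did not arrive
            throw new TimeoutException("response lost after the charge was recorded");
        }
        return Task.FromResult(paymentId);
    }
}

static class Checkout
{
    // Hypothetical helper: the key is generated once, before the first call,
    // and the same key is sent again on every retry of this payment.
    public static async Task<string> PayAsync(FakeGateway gateway, string nonce, long amount)
    {
        var idempotencyKey = Guid.NewGuid().ToString();
        for (var attempt = 1; ; attempt++)
        {
            try { return await gateway.CreatePaymentAsync(nonce, idempotencyKey, amount); }
            catch (TimeoutException) when (attempt < 3) { /* retry with the same key */ }
        }
    }
    static async Task Main()
    {
        var gateway = new FakeGateway();
        var id = await PayAsync(gateway, "cnon:card-nonce-ok", 100L);
        Console.WriteLine($"{id}, charges made: {gateway.Charges}");
    }
}
```

Generating a new key inside the retry loop instead would make the stand-in record a second charge for the same purchase.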

Can I create a nonce using Square APIs (Payments API) as we are able to do with the SqPaymentForm library? As I can see, it is a very important attribute of the request.
If it can be done from the Payments API then it will be great. I don’t want to create a mess of code where some part (creating the nonce) is done through JavaScript and the rest is done in the MVC part.

There is no way to generate the nonce outside of using the Payment Form or In-App Payments SDK. Those are used to securely capture the card details directly on Square servers.

Any other way would require you handling Personally Identifiable Information (PII) that needs to remain secure to maintain PCI compliance.

Can you share some reference URL to

“Any other way would require you handling Personally Identifiable Information (PII) that needs to remain secure to maintain PCI compliance.”

How to achieve this?
Thanks!

We do not support any other way at Square. I was just saying that not using a nonce would mean that you would have to directly pass this information (which you generally should not do, unless you are building your own PCI-compliant systems).

We require that you use either the Payment Form or the In-App Payments SDK for capturing card details for card-not-present payments.

Hi Team,

I am able to make request to card-nonce API from Postman. I made POST request like below.

URL: https://pci-connect.squareupsandbox.com/v2/card-nonce

Request Type: POST

Data sent as Raw in Body

{"client_id":"Sandbox Application ID","session_id":"Got this when I made request from my application for nonce.","website_url":"","analytics_token":"","card_data":{"number":"4111111111111111","exp_month":12,"exp_year":2021,"cvv":"111","billing_postal_code":"11111111"}}

What I observed is that, in this request, the required things are:
client_id: Sandbox Application ID

session_id: Got this when I made request from my application for nonce. I am surprised this session is valid even today. And more surprised that this session ID works even with any Sandbox Application ID. How is it working?

CardDetails object

Can a request be made in the same manner for production as well? If so, I am planning to use the session ID which I received while making the request at localhost, and the other parameters will be available with me.
I will make this request before hitting the CreatePayment API.
Please help, is this possible?

No, this is not supported. That endpoint is only used by the Payment Form to securely generate a nonce, which you then send to your backend to process with Square’s APIs.

In your case, it inherently implies that you have and are storing a full Personal Account Number (PAN), CVV, Expiration Month & Year, and postal code.

Square provides a managed payments platform. This means we take on many things for our sellers, including the burden of PCI compliance. In order to keep you out of PCI scope, your code can’t touch PCI data. This is what SqPaymentForm is designed to do - keep you out of scope, and ensure we can continue to operate effectively. If you’re PCI certified and want to handle the data, you’ll probably need to find another provider.

We do not support or condone using that endpoint or the payment form outside of the way that it is currently documented.

I’m not intending this to come across harshly, but just to emphasize the importance of not proceeding with this route of processing.

I very strongly recommend to simply implement the payment form or in-app payments SDK for handling capturing secure payment details from your customers.


If you need help or have questions in implementing the payment form, we’re all more than happy to help guide you in that process. :smiley:

Hi Richard,

I have everything set up and working great in sandbox mode.
I am using ASP.NET and have followed the examples on GitHub for v2 checkout to get things up and running.
The only thing I have left to do is when the customer chooses not to create an account on my website, I would like to have the checkout form on Square request an address. https://images.ctfassets.net/1nw4q0oohfju/8p5PTjeSUQcnBa0X7nzlB/7f2fd3602e87d10d5f102a8e39b59f60/checkout-digitalwallet.png
Like this. I am seeing a lot about ask_for_shipping_address and I tried putting that in my appsettings but had no luck. Any tips?

Are you adding the AskForShippingAddress method to your CreateCheckoutRequest.Builder?

var body = new CreateCheckoutRequest.Builder(idempotencyKey: null, order: null)
  .AskForShippingAddress(true)
  .Build();

I’ll admit I’m not terribly familiar with C#, but that is what we have generated for C# when adding true for that field in our API Explorer.